114 lines
3.9 KiB
JSON
114 lines
3.9 KiB
JSON
{
|
|
"Definition": [
|
|
{
|
|
"ID": "oval:org.altlinux.errata:def:20193147",
|
|
"Version": "oval:org.altlinux.errata:def:20193147",
|
|
"Class": "patch",
|
|
"Metadata": {
|
|
"Title": "ALT-PU-2019-3147: package `cyrus-imapd` update to version 3.0.12-alt1",
|
|
"AffectedList": [
|
|
{
|
|
"Family": "unix",
|
|
"Platforms": [
|
|
"ALT Linux branch c10f1"
|
|
],
|
|
"Products": [
|
|
"ALT SP Workstation",
|
|
"ALT SP Server"
|
|
]
|
|
}
|
|
],
|
|
"References": [
|
|
{
|
|
"RefID": "ALT-PU-2019-3147",
|
|
"RefURL": "https://errata.altlinux.org/ALT-PU-2019-3147",
|
|
"Source": "ALTPU"
|
|
},
|
|
{
|
|
"RefID": "CVE-2019-18928",
|
|
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2019-18928",
|
|
"Source": "CVE"
|
|
}
|
|
],
|
|
"Description": "This update upgrades cyrus-imapd to version 3.0.12-alt1. \nSecurity Fix(es):\n\n * CVE-2019-18928: Cyrus IMAP 2.5.x before 2.5.14 and 3.x before 3.0.12 allows privilege escalation because an HTTP request may be interpreted in the authentication context of an unrelated previous request that arrived over the same connection.",
|
|
"Advisory": {
|
|
"From": "errata.altlinux.org",
|
|
"Severity": "Critical",
|
|
"Rights": "Copyright 2024 BaseALT Ltd.",
|
|
"Issued": {
|
|
"Date": "2019-11-16"
|
|
},
|
|
"Updated": {
|
|
"Date": "2019-11-16"
|
|
},
|
|
"BDUs": null,
|
|
"CVEs": [
|
|
{
|
|
"ID": "CVE-2019-18928",
|
|
"CVSS": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
|
|
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
|
|
"CWE": "NVD-CWE-noinfo",
|
|
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2019-18928",
|
|
"Impact": "Critical",
|
|
"Public": "20191115"
|
|
}
|
|
],
|
|
"AffectedCPEs": {
|
|
"CPEs": [
|
|
"cpe:/o:alt:spworkstation:10",
|
|
"cpe:/o:alt:spserver:10"
|
|
]
|
|
}
|
|
}
|
|
},
|
|
"Criteria": {
|
|
"Operator": "AND",
|
|
"Criterions": [
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:4001",
|
|
"Comment": "ALT Linux must be installed"
|
|
}
|
|
],
|
|
"Criterias": [
|
|
{
|
|
"Operator": "OR",
|
|
"Criterions": [
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:20193147001",
|
|
"Comment": "cyrus-imapd is earlier than 0:3.0.12-alt1"
|
|
},
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:20193147002",
|
|
"Comment": "cyrus-imapd-devel is earlier than 0:3.0.12-alt1"
|
|
},
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:20193147003",
|
|
"Comment": "cyrus-imapd-doc is earlier than 0:3.0.12-alt1"
|
|
},
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:20193147004",
|
|
"Comment": "cyrus-imapd-doc-full is earlier than 0:3.0.12-alt1"
|
|
},
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:20193147005",
|
|
"Comment": "cyrus-imapd-ldap is earlier than 0:3.0.12-alt1"
|
|
},
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:20193147006",
|
|
"Comment": "cyrus-imapd-murder is earlier than 0:3.0.12-alt1"
|
|
},
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:20193147007",
|
|
"Comment": "cyrus-imapd-utils is earlier than 0:3.0.12-alt1"
|
|
},
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:20193147008",
|
|
"Comment": "perl-Cyrus is earlier than 0:3.0.12-alt1"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
}
|
|
}
|
|
]
|
|
} |